Kaspersky Security Centre
Written by Ali Murtaza
Updated over a week ago

About Kaspersky Security Centre

Kaspersky Security Center is a scalable, unified management console that supports growing businesses with changing security needs, and facilitates comprehensive systems and security management, with a separation of administrator responsibilities. It makes it easy to manage and secure both physical and virtual endpoints from a single,

The integration with SIRP allows automated interaction with Kaspersky Security Center through playbooks, so security professionals can run operations on Kaspersky Security Center directly from SIRP.

Supported Actions

SIRP’s Kaspersky Security Center integration app allows you to execute the following actions:

| S.no | Action | Description |
|------|--------|-------------|
| 1 | Get host applications | Retrieve software applications for a host. |
| 2 | Get host details | Retrieve host details. |
| 3 | List groups | Retrieve a list of all groups. |
| 4 | List virtual machines | Retrieve a list of virtual machines. |
| 5 | Get host group static info | Retrieve a host group's static info. |
| 6 | Block IP | Block IP address on Kaspersky. |
| 7 | Block DOMAIN | Block domain on Kaspersky. |
| 8 | Block URL | Block URL on Kaspersky. |
| 9 | Block HASH | Block hashes on Kaspersky. |
| 10 | Unblock IP | Unblock IP address on Kaspersky. |
| 11 | Unblock DOMAIN | Unblock domain on Kaspersky. |
| 12 | Unblock URL | Unblock URL on Kaspersky. |
| 13 | Unblock HASH | Unblock hashes on Kaspersky. |

Enable and Kaspersky Security Centre

Create a new user on the Kaspersky Security Centre

  1. Open Kaspersky Security Console.

  2. Create a custom role with the following access rights





  3. Create a new user and assign the custom role.

  4. Also, assign a minimum operator role to this new user.

Enable the Kaspersky Security Centre app in SIRP

  1. First, log in to SIRP, then go to Apps from the left navigation bar.

  2. Locate the app named Kaspersky Security Centre.

  3. Enable the Kaspersky Security Centre app by clicking the toggle button under the Status column.

Once you enable the app, click the configure option to integrate SIRP with Kaspersky Security Centre.

Add the following details and click Save:

  1. URL: <URL from the Kaspersky Security Centre console>:13299

  2. Username: <User created on Kaspersky Security Centre>

  3. Password: <Password assigned to user>

  4. Policy-ID: <ID of the policy>

  5. Category-Name: <Name of the category created in Application Category for hash blocking>

  6. Network-Rule: <Name of the rule created in Network Packet Rules for IP blocking>

  7. Rule-List: <Name of the rule created in Web Control for URL and domain blocking>

Policy-ID

Click on the policy you created for Windows users.
You will find the policy ID in the link above, for example: 1007


Category-Name

  • Go to Application Management > Application Category

  • In Application Category, create a new category named SIRP_Hashes

    Note: Also add any dummy hashes in Condition and Exclusion.

Network-Rule

  • Select the Policy where the IP will be blocked.

  • Go to Essential Threat Protection > Firewall > Settings > Network packet rules

  • In Network Packet Rules, create a new rule named sirp

Rule-List

  • Select the Policy where you will Block URLs and Domains

  • Go to Security Controls > Web Controls

  • In Web Controls, add a new rule named sirp
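
The settings above tie each block action to one pre-created object: Network-Rule for IPs, Rule-List for URLs and domains, Category-Name for hashes. The Python below is an added example, not SIRP or Kaspersky code: the hypothetical helper `plan_block` picks the action for an indicator and checks the settings it depends on before a playbook runs it. The accepted hash lengths (MD5, SHA-256) and the refusal to block non-public addresses are assumptions added here.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Action and setting names come from this page; the routing is a hypothetical
# pre-flight helper, not SIRP or Kaspersky code.
ROUTES = {
    "ip":     ("Block IP",     "Network-Rule"),
    "domain": ("Block DOMAIN", "Rule-List"),
    "url":    ("Block URL",    "Rule-List"),
    "hash":   ("Block HASH",   "Category-Name"),
}
COMMON = ("URL", "Username", "Password", "Policy-ID")  # asked for on the configure form
HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{64})$")  # assumption: MD5 or SHA-256
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def classify(indicator: str) -> str:
    """Return 'ip', 'url', 'hash' or 'domain'; raise ValueError otherwise."""
    value = indicator.strip()
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url"
    if HASH_RE.match(value):
        return "hash"
    if DOMAIN_RE.match(value):
        return "domain"
    raise ValueError(f"unrecognised indicator: {indicator!r}")


def plan_block(indicator: str, settings: dict) -> dict:
    """Pick the block action for an indicator and check the settings it needs."""
    kind = classify(indicator)
    action, needed = ROUTES[kind]
    for key in COMMON + (needed,):
        if not str(settings.get(key, "")).strip():
            raise ValueError(f"{action} needs the '{key}' setting")
    if kind == "ip":  # added safeguard: never push a block for internal addresses
        ip = ipaddress.ip_address(indicator.strip())
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            raise ValueError(f"refusing to block non-public address {ip}")
    return {"action": action, "setting": needed, "value": settings[needed]}
```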
